package org.jscep.message;

import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.spec.IvParameterSpec;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.cms.EnvelopedData;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.RecipientOperator;
import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId;
import org.bouncycastle.operator.InputDecryptor;

/* loaded from: classes3.dex */
public final class f {

    /* renamed from: c, reason: collision with root package name */
    private static final com.sophos.jsceplib.d.a f14680c = com.sophos.jsceplib.d.a.d(f.class);

    /* renamed from: a, reason: collision with root package name */
    private final X509Certificate f14681a;

    /* renamed from: b, reason: collision with root package name */
    private final PrivateKey f14682b;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes3.dex */
    public static class a extends JceKeyTransEnvelopedRecipient {

        /* renamed from: a, reason: collision with root package name */
        private final PrivateKey f14683a;

        /* renamed from: org.jscep.message.f$a$a, reason: collision with other inner class name */
        /* loaded from: classes3.dex */
        class C0287a implements InputDecryptor {

            /* renamed from: a, reason: collision with root package name */
            final /* synthetic */ AlgorithmIdentifier f14684a;

            /* renamed from: b, reason: collision with root package name */
            final /* synthetic */ Cipher f14685b;

            C0287a(a aVar, AlgorithmIdentifier algorithmIdentifier, Cipher cipher) {
                this.f14684a = algorithmIdentifier;
                this.f14685b = cipher;
            }

            @Override // org.bouncycastle.operator.InputDecryptor
            public AlgorithmIdentifier getAlgorithmIdentifier() {
                return this.f14684a;
            }

            @Override // org.bouncycastle.operator.InputDecryptor
            public InputStream getInputStream(InputStream inputStream) {
                return new CipherInputStream(inputStream, this.f14685b);
            }
        }

        public a(PrivateKey privateKey) {
            super(privateKey);
            this.f14683a = privateKey;
        }

        private AlgorithmParameterSpec a(AlgorithmIdentifier algorithmIdentifier) throws GeneralSecurityException {
            return new IvParameterSpec(ASN1OctetString.getInstance(algorithmIdentifier.getParameters()).getOctets());
        }

        private Key b(PrivateKey privateKey, byte[] bArr) throws GeneralSecurityException {
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(4, privateKey);
            try {
                return cipher.unwrap(bArr, "DES", 3);
            } catch (InvalidKeyException e2) {
                f.f14680c.b("Cannot unwrap symetric key.  Are you using a valid key pair?");
                throw e2;
            }
        }

        @Override // org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient, org.bouncycastle.cms.KeyTransRecipient
        public RecipientOperator getRecipientOperator(AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2, byte[] bArr) throws CMSException {
            if (!"1.3.14.3.2.7".equals(algorithmIdentifier2.getAlgorithm().getId())) {
                return super.getRecipientOperator(algorithmIdentifier, algorithmIdentifier2, bArr);
            }
            try {
                Key b2 = b(this.f14683a, bArr);
                Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
                cipher.init(2, b2, a(algorithmIdentifier2));
                return new RecipientOperator(new C0287a(this, algorithmIdentifier2, cipher));
            } catch (GeneralSecurityException e2) {
                throw new CMSException("Could not create DES cipher", e2);
            }
        }
    }

    public f(X509Certificate x509Certificate, PrivateKey privateKey) {
        this.f14681a = x509Certificate;
        this.f14682b = privateKey;
    }

    private JceKeyTransEnvelopedRecipient c() {
        return new a(this.f14682b);
    }

    private void d(CMSEnvelopedData cMSEnvelopedData) {
        EnvelopedData.getInstance(cMSEnvelopedData.toASN1Structure().getContent());
    }

    public byte[] b(CMSEnvelopedData cMSEnvelopedData) throws MessageDecodingException {
        f14680c.a("Decoding pkcsPkiEnvelope", new Object[0]);
        d(cMSEnvelopedData);
        f14680c.a("Decrypting pkcsPkiEnvelope using key belonging to dn=" + this.f14681a.getSubjectDN() + "  serial=" + this.f14681a.getSerialNumber(), new Object[0]);
        RecipientInformation recipientInformation = cMSEnvelopedData.getRecipientInfos().get(new JceKeyTransRecipientId(this.f14681a));
        if (recipientInformation == null) {
            throw new MessageDecodingException("Missing expected key transfer recipient " + this.f14681a.getSubjectDN());
        }
        try {
            byte[] content = recipientInformation.getContent(c());
            f14680c.a("Finished decoding pkcsPkiEnvelope", new Object[0]);
            return content;
        } catch (CMSException e2) {
            throw new MessageDecodingException(e2);
        }
    }
}
